Most organizations prefer centralized authentication. When a person resigns, his or her email ID is deactivated on a priority basis, and the same can be done for OpenVPN access. If VPN users are authenticated against the existing mail server, it saves sysadmins time, because access does not have to be removed in several different places.
Compile auth-pam from the OpenVPN source
cd /root/openvpn-2.1.3/plugin/auth-pam
make
cp openvpn-auth-pam.so /etc/openvpn/
Download & install pam_pop3
tar zxvf pam_pop3-1.0.tar.gz
yum install gcc pam-devel -y
cd pam_pop3
make
cp pam_pop3.so /lib/security/
Append the following to server.conf
plugin /etc/openvpn/openvpn-auth-pam.so "pop3"
Contents of the pop3 PAM service file.
cat /etc/pam.d/pop3
auth required /lib/security/pam_pop3.so hostname=pop.linuxreaders.com info pwprompt=Passwort: timeout=20
account optional pam_permit.so
This is all that needs to be done at the server end. At the client end, append the following line to client.conf
Now, while connecting, you'll get a prompt to enter a username & password. There is no need to enter the domain name, e.g. @linuxreaders.com
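Before restarting OpenVPN it helps to confirm that the files from the steps above actually reference each other. The script below is an added example, not part of the original article; the function names check_vpn_pam and make_sample and the scratch-directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): checks that server.conf,
# the PAM service file and the two .so files reference each other correctly.

# check_vpn_pam SERVER_CONF PAM_DIR
# Prints "ok <service>" and returns 0 when the wiring is consistent;
# otherwise prints the first problem found and returns a non-zero code.
check_vpn_pam() {
    conf=$1 pam_dir=$2
    # plugin /etc/openvpn/openvpn-auth-pam.so "pop3"  ->  path, service name
    line=$(awk '$1 == "plugin" && $2 ~ /openvpn-auth-pam\.so$/ { print $2, $3; exit }' "$conf")
    [ -n "$line" ] || { echo "no auth-pam plugin line in $conf"; return 1; }
    plugin=${line%% *}
    svc=$(printf '%s\n' "${line#* }" | tr -d '"')
    [ -f "$plugin" ] || { echo "plugin not found: $plugin"; return 2; }
    [ -n "$svc" ] || { echo "plugin line names no PAM service"; return 3; }
    # The quoted name must match a file name under the PAM directory.
    [ -f "$pam_dir/$svc" ] || { echo "missing PAM service file: $pam_dir/$svc"; return 4; }
    grep -Eq '^[[:space:]]*auth[[:space:]]' "$pam_dir/$svc" ||
        { echo "no auth line in $pam_dir/$svc"; return 5; }
    # Modules given by absolute path (as pam_pop3.so is above) must exist.
    for mod in $(awk '$1 !~ /^#/ && substr($3, 1, 1) == "/" { print $3 }' "$pam_dir/$svc"); do
        [ -f "$mod" ] || { echo "PAM module not found: $mod"; return 6; }
    done
    echo "ok $svc"
}

# make_sample DIR: constructed copies of the article's files, written under
# DIR with empty stand-ins for the compiled modules, for trying the check.
make_sample() {
    dir=$1
    mkdir -p "$dir/pam.d"
    : > "$dir/openvpn-auth-pam.so"
    : > "$dir/pam_pop3.so"
    printf 'plugin %s "pop3"\n' "$dir/openvpn-auth-pam.so" > "$dir/server.conf"
    cat > "$dir/pam.d/pop3" <<EOF
auth required $dir/pam_pop3.so hostname=pop.linuxreaders.com info pwprompt=Passwort: timeout=20
account optional pam_permit.so
EOF
}
```

On the server, call check_vpn_pam with the path to your server.conf and /etc/pam.d as its two arguments.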